another way of protection is throttling down TCP SYN attempt rate per IP address. At least it will save you some CPU, as the SSH daemon won't have to process every request:
https://txlab.wordpress.com/2013/06/29/protecting-a-vpbx-from-dos-attacks/
On Mon, Jul 2, 2018 at 11:25 AM, Tobias Oetiker tobi@oetiker.ch wrote:
Good Morning
are you running an ssh daemon on non standard ports to avoid some of the drive-by-scanning ? we have been doing that for quite some time now with great reduction of scanning noise ... since yesterday this has changed ... we are getting a lot of connection attempts ...
are you seeing this too ? is someone actively looking for ssh across the whole port range or is this 'personal' ?
cheers tobi
-- Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland www.oetiker.ch tobi@oetiker.ch +41 62 775 9902
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog